Ars IT Security Editor Dan Goodin receives SANS award

Recognized for outstanding reporting on cybersecurity.

One of our more recent additions to the Ars Technica family has been recognized for his work, and by the toughest critics out there: his peers. Ars Technica IT Security Editor Dan Goodin has been named one of the 10 winners of the SANS Institute's "Top Cyber Security Journalist" award. Dan was honored for his feature article "Why Passwords Have Never Been Weaker—and Crackers Have Never Been Stronger," which appeared on Ars in August of this year, and stands as a great example of the kind of long-form journalism we love at Ars. This is the second time Dan has been recognized by the SANS Institute; he was also a 2010 award winner.

The SANS Institute is a cooperative research and education organization for security professionals, and its Top Cyber Security Journalist Award Winners are voted on by a panel of over 110 journalists who write on cybersecurity topics.

At Ars, Dan oversees coverage of malware, computer espionage, botnets, and hardware hacking. He came to Ars from The Register and has over 15 years of journalism experience, including the past seven covering computer security.

We love having Dan on our team, and it's great to see his work recognized. We're especially excited that Dan is already working on another massive security feature series, due out in a few short months.

Having been taught French growing up, my first thought was a "WITHOUT" award. So, he was awarded without getting one? Huh?

("sans" is French for without, like a sleeveless shirt "sans manches")

SAN... NAS... did one group think "I like the initials, lets just reverse it!"?

Yeah, totally agreed with the whole password thing. Having to implement DIACAP and NIST password policies really shows how "rules" only appear to seem like they improve strength, when really, it forces people to write down passwords.

I rely heavily on ArsT for lucid explanations of complex technological phenomena that I can assign to my library-school students. Security matters are no exception. I very much appreciate how good your reportage is, and how well-written.

Woohoo! I've been an avid, well-pleased, reader of Dan's contributions.

Glad he got our of lolsec

(edit below)The article for which he won really made it clear why ordinary users haven't much chance against expert hackers -- those guys have RAINBOW TABLES. Ordinary mortals can't compete with wizards.

I actually used his article to buttress up one of my arguments when having a conversation with someone about the Diablo III account hacks as they were trying to argue they were totally secure and the time it took Blizzard to inform people was short enough that they could not have cracked them therefore there was no risk.

The recent Consumerist.com hacks (again) come to mind. They just came clean on what happened today while they led people on with non answers and PR speak whether their private info was accessed since September 20th.

Anyways Dan is good, I noticed I seem to always like his articles and want to read them more then usual.

Congrats Dan! That was a nice article, and you managed to keep me reading all the four pages IN ENGLISH, without me crying for my mom.

But now that I think about it... you also made me unable to sleep at night with the lights off, and I need hours to shop because my shopping lists are now encrypted using a random 60-character password... AAARGHH, I hate you!!!

got me to mass change all my passwords for ones that are basically imposable to crack unless its stored in Pain text (Finding an app that work on blackberry was fun thought, got an Nokia lumia 800 until get an new android phone so bit limited on it)

Google authenticator is bit annoying if you change your password as it disables all of the Fixed accounts logins for about an hour or so do not work

so many sites that are storing passwords in plaintext (or reversible hash so they can email you your password back to you when you press forgot or when you setup an account) http://plaintextoffenders.com/